Mobility and IoT are disruptive technologies that have necessitated a change in how security is practiced. But just as the security paradigms are shifting, there is also a need to change the paradigm around governance, risk and compliance , says French Caldwell, chief evangelist with MetricStream.

"It is not a the amplification that is a concern, or the fact that mobile applications and devices can now access data, but the reality that data is now everywhere - in the cloud, on multiple applications, on multiple devices," he says. "So we have to think very differently about GRC around the context of mobile data."

Caldwell is already seeing some changes in the GRC landscape, which reflect the changing needs of the industry. For instance, there have been some significant changes in the rationale for investing in GRC. He says that the drivers around compliance are actually becoming secondary, while the drivers around risk management have become very significant (see: India's GRC Challenge).

In a recent survey conducted my MetricStream, 70 percent of the respondents cite improving the organization's risk oversight as the most common reason for investing in GRC tools, he says.

"We are seeing an increased emphasis on risk management, particularly risk management as an input to business decision-making and business performance, Caldwell says. "There are some others as well, including third-party management, cybersecurity and of course regulatory compliance. But within regulatory compliance, we find that the biggest driver is the pace of regulatory change."

In this audio interview (see link below image), Caldwell speaks to the changes he sees in the landscape. He shares insights and recommendations for practitioners, talking about:

Common GRC mistakes;

GRC challenges for mobility and IoT;

The next big development in GRC.

Caldwell, chief evangelist at MetricStream, has been helping to shape the GRC market for the past 12 years. He is a former fellow and vice president at Gartner, where he led its GRC research, including the influential Gartner Magic Quadrant on GRC, as well as research into disruptive technology. He also worked with the White House and U.S. Naval War College in 2002 to develop the Digital Pearl Harbor war game, the first ever strategic assessment of cyber war strategies. Caldwell is also a retired naval officer and a nuclear submariner.